After the relevant event information has been captured, the information is formatted into
an audit record. Contained in each audit record is information that identifies the
event, what caused the event, the time of the event, and other relevant
information. This record is then placed in an audit queue and sent to
the active plugins for storage. At least one plugin must be active, although
all plugins can be active. Plugins are described in How Is Auditing Configured? and Audit Plugin Modules.